package vulnerabilityreport_test

import (
	"io"
	"testing"
	"time"

	"github.com/onsi/gomega"
	appsv1 "k8s.io/api/apps/v1"
	batchv1 "k8s.io/api/batch/v1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/labels"
	"k8s.io/client-go/kubernetes/scheme"
	"k8s.io/utils/ptr"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
	"github.com/aquasecurity/trivy-operator/pkg/docker"
	"github.com/aquasecurity/trivy-operator/pkg/trivyoperator"
	"github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport"
)

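// TestReportBuilder verifies that the report builder derives the report's
// name, namespace, owner reference and labels from the controlling ReplicaSet,
// the container name and the pod spec hash.
//
// The ReplicaSet carries two labels ("tier" and "owner") but only "tier" is
// passed to ResourceLabelsToInclude. The exact-equality assertion therefore
// also pins that labels which were not explicitly allowed are not copied onto
// the report.
func TestReportBuilder(t *testing.T) {
	g := gomega.NewGomegaWithT(t)
	report, _, err := vulnerabilityreport.NewReportBuilder(scheme.Scheme).
		Controller(&appsv1.ReplicaSet{
			TypeMeta: metav1.TypeMeta{
				Kind:       "ReplicaSet",
				APIVersion: "apps/v1",
			},
			ObjectMeta: metav1.ObjectMeta{
				Name:      "some-owner",
				Namespace: "qa",
				Labels:    labels.Set{"tier": "tier-1", "owner": "team-a"},
			},
		}).
		Container("my-container").
		PodSpecHash("xyz").
		Data(v1alpha1.VulnerabilityReportData{}).
		ResourceLabelsToInclude([]string{"tier"}).
		Get()

	g.Expect(err).ToNot(gomega.HaveOccurred())
	// Guard the dereference below: a nil report returned together with a nil
	// error would otherwise panic instead of producing a readable failure.
	g.Expect(report).ToNot(gomega.BeNil())
	g.Expect(*report).To(gomega.Equal(v1alpha1.VulnerabilityReport{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "replicaset-some-owner-my-container",
			Namespace: "qa",
			OwnerReferences: []metav1.OwnerReference{
				{
					APIVersion:         "apps/v1",
					Kind:               "ReplicaSet",
					Name:               "some-owner",
					Controller:         ptr.To[bool](true),
					BlockOwnerDeletion: ptr.To[bool](false),
				},
			},
			Labels: map[string]string{
				trivyoperator.LabelResourceKind:      "ReplicaSet",
				trivyoperator.LabelResourceName:      "some-owner",
				trivyoperator.LabelResourceNamespace: "qa",
				trivyoperator.LabelContainerName:     "my-container",
				trivyoperator.LabelResourceSpecHash:  "xyz",
				trivyoperator.LabelK8SAppManagedBy:   trivyoperator.AppTrivyOperator,
				"tier":                               "tier-1",
			},
		},
		Report: v1alpha1.VulnerabilityReportData{},
	}))
}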

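// TestScanJobBuilder exercises the scan job builder with stub plugins and
// compares the resulting batch Job (and, where relevant, the returned secrets)
// against fully spelled-out expectations.
//
// Several subtests pin the namespace that the job and its secrets are created
// in. Kubernetes Secrets are namespace-scoped, so the namespace decides who
// can read them; these placement assertions are the security-relevant part of
// the test and should not be loosened without review.
func TestScanJobBuilder(t *testing.T) {
	// Default configuration: the job is expected in the operator namespace,
	// labelled with the scanned workload's kind, name, namespace and spec hash,
	// and annotated with the container-name-to-image mapping.
	t.Run("Should get scan job with labels", func(t *testing.T) {
		g := gomega.NewGomegaWithT(t)
		job, _, err := vulnerabilityreport.NewScanJobBuilder().
			WithPlugin(&testPlugin{}).
			WithPluginContext(trivyoperator.NewPluginContext().
				WithName("test-plugin").
				WithNamespace("trivy-operator-ns").
				WithServiceAccountName("trivy-operator-sa").
				Get()).
			WithTimeout(3 * time.Second).
			WithObject(&appsv1.ReplicaSet{
				TypeMeta: metav1.TypeMeta{
					Kind:       "ReplicaSet",
					APIVersion: "apps/v1",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name:      "nginx-6799fc88d8",
					Namespace: "prod-ns",
				},
				Spec: appsv1.ReplicaSetSpec{
					Template: corev1.PodTemplateSpec{
						Spec: corev1.PodSpec{
							Containers: []corev1.Container{
								{
									Name:  "nginx",
									Image: "nginx:1.16",
								},
							},
						},
					},
					Selector: &metav1.LabelSelector{},
				},
			}).
			Get()
		g.Expect(err).ToNot(gomega.HaveOccurred())
		g.Expect(job).ToNot(gomega.BeNil())
		g.Expect(job).To(gomega.Equal(&batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:      "scan-vulnerabilityreport-64d65c457",
				Namespace: "trivy-operator-ns",
				Labels: map[string]string{
					trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
					trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
					trivyoperator.LabelResourceKind:               "ReplicaSet",
					trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
					trivyoperator.LabelResourceNamespace:          "prod-ns",
					trivyoperator.LabelResourceSpecHash:           "65b7b5dd9d",
				},
				Annotations: map[string]string{
					trivyoperator.AnnotationContainerImages: `{"nginx":"nginx:1.16"}`,
				},
			},
			Spec: batchv1.JobSpec{
				BackoffLimit:          ptr.To[int32](0),
				Completions:           ptr.To[int32](1),
				ActiveDeadlineSeconds: ptr.To[int64](3),
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Labels: map[string]string{
							trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
							trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
							trivyoperator.LabelResourceKind:               "ReplicaSet",
							trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
							trivyoperator.LabelResourceNamespace:          "prod-ns",
							trivyoperator.LabelResourceSpecHash:           "65b7b5dd9d",
						},
					},
					Spec: corev1.PodSpec{},
				},
			},
		}))
	})

	// Annotations supplied through WithAnnotations are expected on the Job
	// (next to the container-images annotation) and on its pod template.
	t.Run("Should get scan job with annotations", func(t *testing.T) {
		g := gomega.NewGomegaWithT(t)
		job, _, err := vulnerabilityreport.NewScanJobBuilder().
			WithPlugin(&testPlugin{}).
			WithPluginContext(trivyoperator.NewPluginContext().
				WithName("test-plugin").
				WithNamespace("trivy-operator-ns").
				WithServiceAccountName("trivy-operator-sa").
				Get()).
			WithAnnotations(map[string]string{"test-annotation": "test-value"}).
			WithTimeout(3 * time.Second).
			WithObject(&appsv1.ReplicaSet{
				TypeMeta: metav1.TypeMeta{
					Kind:       "ReplicaSet",
					APIVersion: "apps/v1",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name:      "nginx-6799fc88d8",
					Namespace: "prod-ns",
				},
				Spec: appsv1.ReplicaSetSpec{
					Template: corev1.PodTemplateSpec{
						Spec: corev1.PodSpec{
							Containers: []corev1.Container{
								{
									Name:  "nginx",
									Image: "nginx:1.16",
								},
							},
						},
					},
					Selector: &metav1.LabelSelector{},
				},
			}).
			Get()
		g.Expect(err).ToNot(gomega.HaveOccurred())
		g.Expect(job).ToNot(gomega.BeNil())
		g.Expect(job).To(gomega.Equal(&batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:      "scan-vulnerabilityreport-64d65c457",
				Namespace: "trivy-operator-ns",
				Labels: map[string]string{
					trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
					trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
					trivyoperator.LabelResourceKind:               "ReplicaSet",
					trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
					trivyoperator.LabelResourceNamespace:          "prod-ns",
					trivyoperator.LabelResourceSpecHash:           "65b7b5dd9d",
				},
				Annotations: map[string]string{
					"test-annotation":                       "test-value",
					trivyoperator.AnnotationContainerImages: `{"nginx":"nginx:1.16"}`,
				},
			},
			Spec: batchv1.JobSpec{
				BackoffLimit:          ptr.To[int32](0),
				Completions:           ptr.To[int32](1),
				ActiveDeadlineSeconds: ptr.To[int64](3),
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Labels: map[string]string{
							trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
							trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
							trivyoperator.LabelResourceKind:               "ReplicaSet",
							trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
							trivyoperator.LabelResourceNamespace:          "prod-ns",
							trivyoperator.LabelResourceSpecHash:           "65b7b5dd9d",
						},
						Annotations: map[string]string{
							"test-annotation": "test-value",
						},
					},
					Spec: corev1.PodSpec{},
				},
			},
		}))
	})

	// With KeyVulnerabilityScansInSameNamespace set to "true" the job is
	// expected in the workload's namespace (prod-ns) rather than in the
	// operator namespace.
	t.Run("Should get scan job running in workload namespace", func(t *testing.T) {
		g := gomega.NewGomegaWithT(t)
		job, _, err := vulnerabilityreport.NewScanJobBuilder().
			WithPlugin(&testPlugin{}).
			WithPluginContext(trivyoperator.NewPluginContext().
				WithName("test-plugin").
				WithNamespace("trivy-operator-ns").
				WithServiceAccountName("trivy-operator-sa").
				WithTrivyOperatorConfig(trivyoperator.ConfigData{
					trivyoperator.KeyVulnerabilityScansInSameNamespace: "true"},
				).
				Get()).
			WithTimeout(3 * time.Second).
			WithObject(&appsv1.ReplicaSet{
				TypeMeta: metav1.TypeMeta{
					Kind:       "ReplicaSet",
					APIVersion: "apps/v1",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name:      "nginx-6799fc88d8",
					Namespace: "prod-ns",
				},
				Spec: appsv1.ReplicaSetSpec{
					Template: corev1.PodTemplateSpec{
						Spec: corev1.PodSpec{
							Containers: []corev1.Container{
								{
									Name:  "nginx",
									Image: "nginx:1.16",
								},
							},
						},
					},
					Selector: &metav1.LabelSelector{},
				},
			}).
			Get()
		g.Expect(err).ToNot(gomega.HaveOccurred())
		g.Expect(job).ToNot(gomega.BeNil())
		g.Expect(job).To(gomega.Equal(&batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:      "scan-vulnerabilityreport-64d65c457",
				Namespace: "prod-ns",
				Labels: map[string]string{
					trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
					trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
					trivyoperator.LabelResourceKind:               "ReplicaSet",
					trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
					trivyoperator.LabelResourceNamespace:          "prod-ns",
					trivyoperator.LabelResourceSpecHash:           "65b7b5dd9d",
				},
				Annotations: map[string]string{
					trivyoperator.AnnotationContainerImages: `{"nginx":"nginx:1.16"}`,
				},
			},
			Spec: batchv1.JobSpec{
				BackoffLimit:          ptr.To[int32](0),
				Completions:           ptr.To[int32](1),
				ActiveDeadlineSeconds: ptr.To[int64](3),
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Labels: map[string]string{
							trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
							trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
							trivyoperator.LabelResourceKind:               "ReplicaSet",
							trivyoperator.LabelResourceName:               "nginx-6799fc88d8",
							trivyoperator.LabelResourceNamespace:          "prod-ns",
							trivyoperator.LabelResourceSpecHash:           "65b7b5dd9d",
						},
					},
					Spec: corev1.PodSpec{},
				},
			},
		}))
	})

	// The scanned object has an empty Namespace (the fixture is a corev1.Pod
	// whose TypeMeta says ClusterSbomReport). Even though scanning in the same
	// namespace is enabled, the job and every secret returned by the plugin
	// are expected in the operator namespace.
	t.Run("Should get scan job and secrets in operator namespace for cluster-scoped resources", func(t *testing.T) {
		g := gomega.NewGomegaWithT(t)
		job, secrets, err := vulnerabilityreport.NewScanJobBuilder().
			WithPlugin(&testPluginWithSecrets{}).
			WithPluginContext(trivyoperator.NewPluginContext().
				WithName("test-plugin").
				WithNamespace("trivy-operator-ns").
				WithServiceAccountName("trivy-operator-sa").
				WithTrivyOperatorConfig(trivyoperator.ConfigData{
					trivyoperator.KeyVulnerabilityScansInSameNamespace: "true"},
				).
				Get()).
			WithTimeout(3 * time.Second).
			WithObject(&corev1.Pod{
				TypeMeta: metav1.TypeMeta{
					Kind:       "ClusterSbomReport",
					APIVersion: "v1alpha1",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name: "sbom-k8s-cluster",
				},
				Spec: corev1.PodSpec{
					Containers: []corev1.Container{
						{
							Name:  "kbom",
							Image: "k8s.gcr.io/kube-apiserver:v1.27.0",
						},
					},
				},
			}).
			Get()
		g.Expect(err).ToNot(gomega.HaveOccurred())
		g.Expect(job).ToNot(gomega.BeNil())
		g.Expect(secrets).ToNot(gomega.BeNil())
		g.Expect(job.Namespace).To(gomega.Equal("trivy-operator-ns"))
		// testPluginWithSecrets returns two secrets. Asserting the count keeps
		// the namespace loop below from passing vacuously on an empty slice,
		// matching the check in the namespaced-resource subtest.
		g.Expect(secrets).To(gomega.HaveLen(2))
		for _, secret := range secrets {
			g.Expect(secret.Namespace).To(gomega.Equal("trivy-operator-ns"))
		}
		g.Expect(job).To(gomega.Equal(&batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:      "scan-vulnerabilityreport-5586fcf885",
				Namespace: "trivy-operator-ns",
				Labels: map[string]string{
					trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
					trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
					trivyoperator.LabelResourceKind:               "ClusterSbomReport",
					trivyoperator.LabelResourceName:               "sbom-k8s-cluster",
					trivyoperator.LabelResourceNamespace:          "",
					trivyoperator.LabelResourceSpecHash:           "566b6d9867",
				},
				Annotations: map[string]string{
					trivyoperator.AnnotationContainerImages: `{"kbom":"k8s.gcr.io/kube-apiserver:v1.27.0"}`,
				},
			},
			Spec: batchv1.JobSpec{
				BackoffLimit:          ptr.To[int32](0),
				Completions:           ptr.To[int32](1),
				ActiveDeadlineSeconds: ptr.To[int64](3),
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Labels: map[string]string{
							trivyoperator.LabelK8SAppManagedBy:            "trivy-operator",
							trivyoperator.LabelVulnerabilityReportScanner: "test-plugin",
							trivyoperator.LabelResourceKind:               "ClusterSbomReport",
							trivyoperator.LabelResourceName:               "sbom-k8s-cluster",
							trivyoperator.LabelResourceNamespace:          "",
							trivyoperator.LabelResourceSpecHash:           "566b6d9867",
						},
					},
					Spec: corev1.PodSpec{},
				},
			},
		}))
	})

	// Namespaced workload with scanning in the same namespace enabled: the
	// job and both plugin-provided secrets are expected in the workload's
	// namespace (app-namespace). The expectations below spell the label and
	// annotation keys out as string literals instead of using the
	// trivyoperator constants.
	t.Run("Should get scan job and secrets in workload namespace for namespaced resources", func(t *testing.T) {
		g := gomega.NewGomegaWithT(t)
		job, secrets, err := vulnerabilityreport.NewScanJobBuilder().
			WithPlugin(&testPluginWithSecrets{}).
			WithPluginContext(trivyoperator.NewPluginContext().
				WithName("test-plugin").
				WithNamespace("trivy-operator-ns").
				WithServiceAccountName("trivy-operator-sa").
				WithTrivyOperatorConfig(trivyoperator.ConfigData{
					trivyoperator.KeyVulnerabilityScansInSameNamespace: "true"},
				).
				Get()).
			WithTimeout(3 * time.Second).
			WithObject(&appsv1.Deployment{
				TypeMeta: metav1.TypeMeta{
					Kind:       "Deployment",
					APIVersion: "apps/v1",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name:      "nginx-deployment",
					Namespace: "app-namespace",
				},
				Spec: appsv1.DeploymentSpec{
					Template: corev1.PodTemplateSpec{
						Spec: corev1.PodSpec{
							Containers: []corev1.Container{
								{
									Name:  "nginx",
									Image: "nginx:1.21",
								},
							},
						},
					},
					Selector: &metav1.LabelSelector{},
				},
			}).
			Get()
		g.Expect(err).ToNot(gomega.HaveOccurred())
		g.Expect(job).ToNot(gomega.BeNil())
		g.Expect(secrets).ToNot(gomega.BeNil())
		g.Expect(job.Namespace).To(gomega.Equal("app-namespace"))
		g.Expect(secrets).To(gomega.HaveLen(2))
		for _, secret := range secrets {
			g.Expect(secret.Namespace).To(gomega.Equal("app-namespace"))
		}
		g.Expect(job).To(gomega.Equal(&batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:      "scan-vulnerabilityreport-77cdb65cfc",
				Namespace: "app-namespace",
				Labels: map[string]string{
					"app.kubernetes.io/managed-by":      "trivy-operator",
					"resource-spec-hash":                "68497f9bcb",
					"trivy-operator.resource.kind":      "Deployment",
					"trivy-operator.resource.name":      "nginx-deployment",
					"trivy-operator.resource.namespace": "app-namespace",
					"vulnerabilityReport.scanner":       "test-plugin",
				},
				Annotations: map[string]string{
					"trivy-operator.container-images": `{"nginx":"nginx:1.21"}`,
				},
			},
			Spec: batchv1.JobSpec{
				BackoffLimit:          ptr.To[int32](0),
				Completions:           ptr.To[int32](1),
				ActiveDeadlineSeconds: ptr.To[int64](3),
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Labels: map[string]string{
							"app.kubernetes.io/managed-by":      "trivy-operator",
							"resource-spec-hash":                "68497f9bcb",
							"trivy-operator.resource.kind":      "Deployment",
							"trivy-operator.resource.name":      "nginx-deployment",
							"trivy-operator.resource.namespace": "app-namespace",
							"vulnerabilityReport.scanner":       "test-plugin",
						},
					},
					Spec: corev1.PodSpec{},
				},
			},
		}))
	})

	// Custom volumes are expected on the job's pod spec, and the custom volume
	// mount is expected on every init container and regular container that
	// testContainersPlugin returns.
	t.Run("Should set scan job with custom volume and volume mount", func(t *testing.T) {
		g := gomega.NewGomegaWithT(t)
		job, _, err := vulnerabilityreport.NewScanJobBuilder().
			WithPlugin(&testContainersPlugin{}).
			WithPluginContext(trivyoperator.NewPluginContext().
				WithName("test-plugin").
				WithNamespace("trivy-operator-ns").
				WithServiceAccountName("trivy-operator-sa").
				Get()).
			WithTimeout(3 * time.Second).
			WithObject(&appsv1.ReplicaSet{
				TypeMeta: metav1.TypeMeta{
					Kind:       "ReplicaSet",
					APIVersion: "apps/v1",
				},
				ObjectMeta: metav1.ObjectMeta{
					Name:      "nginx-6799fc88d8",
					Namespace: "prod-ns",
				},
				Spec: appsv1.ReplicaSetSpec{
					Template: corev1.PodTemplateSpec{
						Spec: corev1.PodSpec{
							InitContainers: []corev1.Container{
								{
									Name:  "test-init-container",
									Image: "test-init-image",
								},
							},

							Containers: []corev1.Container{
								{
									Name:  "test-container",
									Image: "test-image",
								},
							},
						},
					},
					Selector: &metav1.LabelSelector{},
				},
			}).
			WithCustomVolumes([]corev1.Volume{
				{
					Name: "test-volume",
					VolumeSource: corev1.VolumeSource{
						EmptyDir: &corev1.EmptyDirVolumeSource{},
					},
				},
			}).
			WithCustomVolumesMount([]corev1.VolumeMount{
				{
					Name:      "test-volume",
					MountPath: "/test-mount-path",
				},
			}).
			Get()
		g.Expect(err).ToNot(gomega.HaveOccurred())
		g.Expect(job).ToNot(gomega.BeNil())
		g.Expect(job).To(gomega.Equal(&batchv1.Job{
			ObjectMeta: metav1.ObjectMeta{
				Name:      "scan-vulnerabilityreport-64d65c457",
				Namespace: "trivy-operator-ns",
				Labels: map[string]string{
					"app.kubernetes.io/managed-by":      "trivy-operator",
					"resource-spec-hash":                "8665699864",
					"trivy-operator.resource.kind":      "ReplicaSet",
					"trivy-operator.resource.name":      "nginx-6799fc88d8",
					"trivy-operator.resource.namespace": "prod-ns",
					"vulnerabilityReport.scanner":       "test-plugin",
				},
				Annotations: map[string]string{
					"trivy-operator.container-images": `{"test-container":"test-image","test-init-container":"test-init-image"}`,
				},
			},
			Spec: batchv1.JobSpec{
				BackoffLimit:          ptr.To[int32](0),
				Completions:           ptr.To[int32](1),
				ActiveDeadlineSeconds: ptr.To[int64](3),
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Labels: map[string]string{
							"app.kubernetes.io/managed-by":      "trivy-operator",
							"resource-spec-hash":                "8665699864",
							"trivy-operator.resource.kind":      "ReplicaSet",
							"trivy-operator.resource.name":      "nginx-6799fc88d8",
							"trivy-operator.resource.namespace": "prod-ns",
							"vulnerabilityReport.scanner":       "test-plugin",
						},
					},
					Spec: corev1.PodSpec{
						Volumes: []corev1.Volume{
							{
								Name: "test-volume",
								VolumeSource: corev1.VolumeSource{
									EmptyDir: &corev1.EmptyDirVolumeSource{},
								},
							},
						},
						InitContainers: []corev1.Container{
							{
								Name:  "test-init-container",
								Image: "test-init-image",
								VolumeMounts: []corev1.VolumeMount{
									{
										Name:      "test-volume",
										MountPath: "/test-mount-path",
									},
								},
							},
						},
						Containers: []corev1.Container{
							{
								Name:  "test-container",
								Image: "test-image",
								VolumeMounts: []corev1.VolumeMount{
									{
										Name:      "test-volume",
										MountPath: "/test-mount-path",
									},
								},
							},
						},
					},
				},
			},
		}))
	})
}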

// testPlugin is a stub plugin for the scan job builder tests. Every method
// ignores its arguments and returns empty values with a nil error.
type testPlugin struct{}

// Init ignores the plugin context and always succeeds.
func (*testPlugin) Init(_ trivyoperator.PluginContext) error {
	return nil
}

// GetScanJobSpec returns a zero-valued pod spec, no secrets and no error.
func (*testPlugin) GetScanJobSpec(
	_ trivyoperator.PluginContext,
	_ client.Object,
	_ map[string]docker.Auth,
	_ *corev1.SecurityContext,
	_ map[string]v1alpha1.SbomReportData,
) (corev1.PodSpec, []*corev1.Secret, error) {
	var emptySpec corev1.PodSpec
	return emptySpec, nil, nil
}

// ParseReportData never reads the supplied stream; it returns empty
// vulnerability and exposed-secret data, a pointer to an empty SBOM report
// and a nil error.
func (*testPlugin) ParseReportData(
	_ trivyoperator.PluginContext,
	_ string,
	_ io.ReadCloser,
) (v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error) {
	var (
		vulns   v1alpha1.VulnerabilityReportData
		exposed v1alpha1.ExposedSecretReportData
	)
	return vulns, exposed, new(v1alpha1.SbomReportData), nil
}

// testContainersPlugin is a stub plugin whose scan job spec contains one init
// container and one regular container, so tests can observe settings that the
// builder applies to the containers of the returned pod spec.
type testContainersPlugin struct{}

// Init ignores the plugin context and always succeeds.
func (*testContainersPlugin) Init(_ trivyoperator.PluginContext) error {
	return nil
}

// GetScanJobSpec ignores its arguments and returns a fixed pod spec with the
// containers "test-init-container" and "test-container", no secrets and no
// error.
func (*testContainersPlugin) GetScanJobSpec(
	_ trivyoperator.PluginContext,
	_ client.Object,
	_ map[string]docker.Auth,
	_ *corev1.SecurityContext,
	_ map[string]v1alpha1.SbomReportData,
) (corev1.PodSpec, []*corev1.Secret, error) {
	initContainers := []corev1.Container{
		{Name: "test-init-container", Image: "test-init-image"},
	}
	containers := []corev1.Container{
		{Name: "test-container", Image: "test-image"},
	}
	spec := corev1.PodSpec{
		InitContainers: initContainers,
		Containers:     containers,
	}
	return spec, nil, nil
}

// ParseReportData never reads the supplied stream; it returns empty
// vulnerability and exposed-secret data, a pointer to an empty SBOM report
// and a nil error.
func (*testContainersPlugin) ParseReportData(
	_ trivyoperator.PluginContext,
	_ string,
	_ io.ReadCloser,
) (v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error) {
	var (
		vulns   v1alpha1.VulnerabilityReportData
		exposed v1alpha1.ExposedSecretReportData
	)
	return vulns, exposed, new(v1alpha1.SbomReportData), nil
}

// testPluginWithSecrets is a stub plugin that returns two named secrets with
// no namespace set, letting tests check which namespace the builder assigns
// to the secrets it hands back.
type testPluginWithSecrets struct{}

// Init ignores the plugin context and always succeeds.
func (*testPluginWithSecrets) Init(_ trivyoperator.PluginContext) error {
	return nil
}

// GetScanJobSpec ignores its arguments and returns an empty pod spec together
// with the secrets "test-secret-1" and "test-secret-2" (name only, every other
// field left at its zero value) and a nil error.
func (*testPluginWithSecrets) GetScanJobSpec(
	_ trivyoperator.PluginContext,
	_ client.Object,
	_ map[string]docker.Auth,
	_ *corev1.SecurityContext,
	_ map[string]v1alpha1.SbomReportData,
) (corev1.PodSpec, []*corev1.Secret, error) {
	names := []string{"test-secret-1", "test-secret-2"}
	secrets := make([]*corev1.Secret, 0, len(names))
	for _, name := range names {
		secrets = append(secrets, &corev1.Secret{
			ObjectMeta: metav1.ObjectMeta{Name: name},
		})
	}
	return corev1.PodSpec{}, secrets, nil
}

// ParseReportData never reads the supplied stream; it returns empty
// vulnerability and exposed-secret data, a pointer to an empty SBOM report
// and a nil error.
func (*testPluginWithSecrets) ParseReportData(
	_ trivyoperator.PluginContext,
	_ string,
	_ io.ReadCloser,
) (v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error) {
	var (
		vulns   v1alpha1.VulnerabilityReportData
		exposed v1alpha1.ExposedSecretReportData
	)
	return vulns, exposed, new(v1alpha1.SbomReportData), nil
}
